Planet Javasummit

July 22, 2017

Tim Bray Android Auto

I just had my first experience with Android Auto and I suppose there are lots of other people who haven’t been there yet, so a few words might be useful. Short form: Rough around the edges, but super-helpful.

What with my job, I sometimes have to travel between Vancouver and downtown Seattle; all the options are lousy. Driving isn’t my favorite but sometimes it happens. Recently I rented a car for the purpose; reserved the standard corporate-guidance minibox but they were overrun with summer tourists and, threatened with a long wait for the right car, I became That Guy you want out of your face. So they picked the top key off the stack and gave me a brand new Dodge Charger with Android Auto (hereinafter AA).

Dodge Charger

What a ridiculous car. It has muscle bulges on its muscle bulges. Nobody would call it agile; stomp the gas and it takes a few moments to make sure you really meant it. But then, oh my goodness it gets down and boogies, putting all those bulges to work. I had great fun blasting through gaps in Seattle’s infamous perma-jam. Also, the seats were comfy.

Would I buy one… Are you kidding me? But thanks to National for the impromptu upgrade.

But I digress

Back to Android Auto. Once I plugged in the USB, my Pixel hooked up to the car right away; all I had to do was tap “OK” a few times.

Android Auto screenie

I used it to play music, send and receive phone calls and texts (with Signal of course), navigate, and listen to a ball game.

On balance, it works pretty well, albeit with rough edges. Here’s what you need to know about conversing with AA: Your answers should echo the questions. For example, if you get a message and AA asks you if you want to respond, don’t say “Yes”, say “Respond”.

Amusingly, I got a front-row seat for this bugfix; on July 16th I couldn’t get texting to work, but it was fine on the 18th.


Google Maps are pretty great and so are AA’s. The UI could use a little polishing; if I say “OK Google, directions home.” and there’s only one really sane choice, don’t make me tap the screen, just go there.

The real pleasant surprise was when I sort of lost context on where I was and how far I had to go. I pulled over and discovered I could actually pinch, zoom, and rotate the on-screen map. Impressive!


This was my fave. “OK Google, play Led Zeppelin.” “OK Google, play Rough Mix.” “OK Google, play Drycleaner from Des Moines”. Sometimes it takes a surprising amount of time to think it over, but I gotta say, it never missed. Now, I didn’t try any classical choices, because after all it was a Dodge Charger.

All this presupposes you have Google Music set up, which I strongly recommend; it’s free and good, what’s not to like?

What else?

Well, there are lots of apps, but I’m not seeing anything that’s making me breathe hard. Well, Skype could be handy. Also, I wouldn’t mind having a voice reading my Twitter stream when there’s hot news breaking. But I have to say that maps, music, phone, and text hit a huge 80/20 point.


  1. Bigger screens are better. The Charger’s was only OK, which left AA sort of cramped, surrounded by the Charger’s built-in apparatus for radio, climate-control, and so on.

  2. I think I need AA in my next car.

Tim Bray On Password Managers

It has come to my attention that people are Wrong On The Internet about password managers. This matters, because almost everybody should be using one. Herewith background, opinions, and a description of my own setup, which is reasonably secure.

What is a password manager?

It’s a piece of software that does the following (although not all of them do all of these):

  1. Store your passwords in a safe way, protected by at least a password, which we call the “master password”.

  2. Make new passwords for you. Here’s an example of a generated password: QzbaLX}wA8Ad8awk. You’re not expected to remember these.

  3. Make it easy to use passwords. One way is to copy it out of the manager and paste it into a password field. Another is to use a browser plugin that auto-fills login forms. On certain combinations of app and mobile device, you can use your fingerprint to open the password manager, which makes everything way faster and easier.

  4. Store other stuff too. I keep various Important Numbers and AWS credentials and recovery phrases and so on in there.

  5. Synchronize between devices. I have two computers and one phone and I need access to my passwords on all of them.

There’s more, but those are the essentials. The effect is that you end up using a different password for every site and app, that they’re all strong, and that you don’t have to remember very much.

My own manager, which I’ve been running for years now, contains 504 items, and I use it a few times a day, every day. Granted, many of the 504 are for sites and apps that no longer exist (like the dead people I can’t bear to erase from my contacts).

How they work

It’s pretty straightforward conceptually. They have a little database with all the stuff in it, and it’s all encrypted with a key derived from your master password. So even if someone steals the database, you’re probably OK: modern crypto leaves the thief no way in except guessing the master password, which is why that one password has to be a good one.

Where it gets interesting is how these things synchronize between devices, and how they use the network.

Basically, it comes down to this: Can you get access to your passwords over the Web? Lots of password managers allow this, but some don’t. For example, I use the 1Password app, which has no website whatsoever, and has a variety of ways of syncing (iCloud, Dropbox, WiFi, local folder) none of which involve talking to a website with a browser. [There are lots of other password managers, which I’m not going to write about because I don’t use them.]

What’s wrong with a Web site?

The problem is that the site has my encrypted data, and at some point, wants me to type in the password. Thus, in principle, they can peek and see my passwords. And hand them over to the NSA. Or to the criminal gang that abducted the CEO’s children. This makes me unhappy.

In principle, this could be OK. What with modern JavaScript, it’d be perfectly practicable to do all the crypto inside my browser, never send the password (or anything unencrypted) over the wire, and have me sleep soundly at night. Furthermore, since JavaScript arrives in the browser as source, I could in principle look at the code and satisfy myself that it’s wholesome.

In practice, nope. The JavaScript platform is dynamic to the core and horrifyingly complex even before they start loading massive modern application frameworks on it; any teeny little bug or zero-day exploit at any level of the stack and I’m cooked. Also, the NSA or a crook only has to make the slightest little mod to the code, and take it away a few milliseconds later, and the horse would (silently) be out of the barn.

In the 1Password app’s sync model, however, one assumes they use the pretty-secure HTTPS-based APIs for each of these products, machine to machine, no JavaScript in the loop.

Why we’re talking about this

Because AgileBits, the company behind 1Password, is trying to get people to move over to a Web-based thing; that’s what you find when you go to

There’s a decent summary at cyberscoop and a longer, more personal narrative from Kenn White.

I, like many security-conscious people, am just not gonna use anything where the same party, who’s not me, gets to see my stored data and my password. Sorry. But I love the 1Password apps and I’d really like to go on using them. More on that later.

Let’s get serious

Am I claiming that my app-only approach is 100% safe? No, because security just isn’t binary, ever. Let’s see:

  1. The bad guys could slip a sedative into my coffee at a coffee shop and install a keylogger on my computer, or

  2. install a camera anywhere I work and focus it on my hands, or

  3. phish me with a super-clever website or poisoned USB key, and get the keylogger in that way, or

  4. point a gun at me and ask me to unlock all my devices (then probably pull the trigger), or

  5. send a National Security Letter to AgileBits and force them to put backdoor code in a future 1Password app release that sends the goodies to the enemies.

And anyhow I’m obviously a lame-ass hypocrite because I use the 1Password Chrome plugin to fill in forms for me, and this means I type the master password into a browser. Having said that, I verified that it works when I have the networks turned off, and at the end of the day, the plug-in is no more nor less secure than the app I use all the time.

Is your setup perfect?

Well, I only remember four passwords: For my personal computer, for my work computer, for my AWS account, and the 1Password master. And the AWS password is just an accident of history; I only need 3.

Obviously I change them regularly and use password-less ssh access wherever I can, and lots of places I go have two-factor, via SMS or hardware token (Gemalto, Yubikey) or the Android Authenticator app.

So, on balance I feel pretty secure. One downside is when I’m setting up a new computer or phone. The process of typing in long generated passwords on a mobile “keyboard” is so impractical as to be hilarious.

In effect, my security is about as good as my mobile device’s. Actually a bit better, because the 1Password app needs one more fingerprint-or-password.

You sync through Dropbox, are you crazy?!

After all, Condi Rice is a board member, which has to worry you. But let’s assume the worst: that Dropbox turns turtle for the Feds, or gets totally pwned by bad guys. So, congrats, they have my encrypted password file. It’s not impossible that they might crack it. But it’d probably be easier and cheaper for them to slip a sedative in my coffee, or… (see above).

Why is AgileBits doing this?

For the same reason that Adobe has been pressuring its customers, for years now, to start subscribing to its products, rather than buying each successive version of each app. A subscription business is much nicer to operate than one where you have to go out and re-convince people to re-buy your software.

I understand, and I support AgileBits wanting to become a subscription biz. But I still want to keep my data and password away from their servers. This all seems fine to me. I pay my monthly rent to Adobe and it’s for Lightroom & Photoshop, not for their unexciting server-side offerings.

So AgileBits, why not? Please go ahead and start asking for subscriptions. But don’t ask paranoid people like me to go anywhere near

AgileBits has addressed the situation in Why We Love 1Password Memberships, but it’s really unsatisfying, totally ignoring the security concerns. And (I guess I shouldn’t be surprised) failing to acknowledge the business advantages for them in making this move.

Am I wrong?

Maybe there’s something I and the others who are all upset about the 1Password move are missing; maybe it’s all just OK and there’s really no significant loss of security. In which case, AgileBits really needs to explain why.

July 21, 2017

Worse Than Failure Error'd: No Thanks Necessary

"I guess we're not allowed to thank the postal carriers?!" Brian writes.


"So, does the CPU time mean that Microsoft has been listening to every noise I have made since before I was born?" writes Shaun F.


"No problem. I will not attempt to re-use your error message without permission," wrote Alex K.


Mark B. writes, "Ah, if only we could have this in real life."


"Good work Google! Another perfect translation into German," Kolja wrote.


"I was searching for an Atmel MCU, so I naturally opened Atmel's Product Finder. I kind of wish that I didn't," writes Michael B.



XKCD Russell's Teapot

July 20, 2017

Worse Than Failure Finding the Lowest Value

Max’s team moved into a new office, which brought with it the low-walled, “bee-hive” style cubicle partitions. Their project manager cheerfully explained that the new space “would optimize collaboration”, which in practice meant that every random conversation between any two developers turned into a work-stopping distraction for everyone else.

That, of course, wasn’t the only change their project manager instituted. The company had been around for a bit, and their original application architecture was a Java-based web application. At some point, someone added a little JavaScript to the front end. Then a bit more. This eventually segregated the team into two clear roles: back-end Java developers, and front-end JavaScript developers.

An open pit copper mine

“Silos,” the project manager explained, “are against the ethos of collaboration. We’re all going to be full stack developers now.” Thus everyone’s job description and responsibilities changed overnight.

Add an overly ambitious release schedule and some unclear requirements, and the end result is a lot of underqualified developers rushing to hit targets with tools that they don’t fully understand, in an environment that isn’t conducive to concentration in the first place.

Max was doing his best to tune out the background noise, when Mariella stopped into Dalton’s cube. Dalton, sitting straight across from Max, was the resident “front-end expert”, or at least, he had been before everyone was now a full-stack developer. Mariella was a long-time backend JEE developer who hadn’t done much of the web portion of their application at all, and was doing her best to adapt to the new world.

“Dalton, what’s the easiest way to get the minimum value of an array of numbers in JavaScript?” Mariella asked.

Max did his best to ignore the conversation. He was right in the middle of a particularly tricky ORM-related bug, and was trying to figure out why one fetch operation was generating just awful SQL.

“Hrmmmm…” Dalton said, tapping at his desk and adding to the distraction while he thought. “That’s a tough one. Oh! You should use a filter!”

“A filter, what would I filter on?”

Max combed through the JPA annotations that controlled their data access, cursing the “magic” that generated SQL queries, but as he started to piece it together, Dalton and Mariella continued their “instructional” session.

“In the filter callback, you’d just check to see if each value is the lowest one, and if it is, return true, otherwise return false.” Dalton knocked out a little drum solo on his desk, to celebrate his cleverness.

“But… I wouldn’t know which value is the lowest one, yet,” Mariella said.

“Oh, yeah… I see what you mean. Yeah, this is a tricky one.”

Max traced through the code. Okay, so the @JoinColumn is CUST_ID, so why is it generating a LIKE comparison instead of an equals? Wait, I think I’ve-

“Ah ha!” Dalton said, chucking Max’s train of thought off the rails and through an HO-scale village. “You just sort the array and take the first value!” *Thumpa thumpa tadatada* went Dalton’s little desk drum solo.

“I guess that makes sense,” Mariella said.

At this point, Max couldn’t stay out of the conversation. “No! Don’t do that. Use reduce. Sorting’s an n(lg n) operation.”

“Hunh?” Dalton said. His fingers nervously hovered over his desk, ready to play his next drum solo once he had a vague clue what Max was talking about. “In logs in? We’re not doing logging…”

Max tried again, in simple English. “Sorting is slow. The computer does a lot of extra work to sort all the elements.”

“No it won’t,” Dalton said. “It’ll just take the first element.”

“Ahem.” Max turned to discover the project manager looming over his cube. “We want to encourage collaboration,” the PM said, sternly, “but right now, Max, you’re being disruptive. Please be quiet and let the people around you work.”

And that was how Dalton’s Minimum Finding Algorithm got implemented, and released as part of their production code base.
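As an added example, not code from Max’s code base, here are the candidate solutions from that conversation side by side in JavaScript, with the detail that matters most left out of the argument: sort-and-take-first is not just slower than reduce, it is wrong unless you pass a comparator, because Array.prototype.sort() compares elements as strings by default. The sample array is constructed to show that.

```javascript
"use strict";
// Added example (not code from the story): the minimum of a numeric array,
// done the way Dalton suggested, the way Max suggested, and two others,
// with the edge cases the cubicle argument never reached.

// Dalton's algorithm, exactly as proposed: sort, take element 0.
// Array.prototype.sort() with no comparator converts elements to strings and
// compares those, so 10 sorts before 9 and -1 before -2. It also sorts in
// place; slice() here keeps the caller's array intact, the original did not.
function minBySortNaive(values) {
  return values.slice().sort()[0];
}

// Same idea with a numeric comparator: correct, but still O(n log n) work
// for a problem that needs one pass.
function minBySort(values) {
  return values.slice().sort((a, b) => a - b)[0];
}

// O(n) and correct, but spreading passes every element as a function
// argument; for very large arrays that exceeds the engine's argument limit
// and throws a RangeError.
function minBySpread(values) {
  return Math.min(...values);
}

// Max's suggestion: one O(n) pass with reduce. The explicit Infinity seed
// makes an empty array return Infinity (the same as Math.min()) instead of
// reduce() throwing "Reduce of empty array with no initial value".
function minByReduce(values) {
  return values.reduce((lowest, v) => (v < lowest ? v : lowest), Infinity);
}

// Plain loop: same O(n) pass, no callback per element, no argument limit,
// and it rejects anything that is not a real number rather than letting
// NaN or a string quietly fall through the < comparison.
function minByLoop(values) {
  let lowest = Infinity;
  for (const v of values) {
    if (typeof v !== "number" || Number.isNaN(v)) {
      throw new TypeError(`expected a number, got ${String(v)}`);
    }
    if (v < lowest) lowest = v;
  }
  return lowest;
}

// Constructed sample input, chosen so the string sort gets it wrong.
const sample = [10, 9, 100, 2, 25];

// Runs every variant over the same input and returns the answers side by side.
function compareAll(values = sample) {
  return {
    sortNaive: minBySortNaive(values),
    sort: minBySort(values),
    spread: minBySpread(values),
    reduce: minByReduce(values),
    loop: minByLoop(values),
  };
}

console.log(compareAll());
// { sortNaive: 10, sort: 2, spread: 2, reduce: 2, loop: 2 }
```

The loop version is what you want in code that handles untrusted input: a "number" that is really a string from a form field compares as a string in every other variant and produces a plausible-looking wrong answer rather than an error.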


July 19, 2017

Worse Than Failure CodeSOD: A Pre-Packaged Date

Microsoft’s SQL Server Integration Services is an ETL tool that attempts to mix visual programming (for designing data flows) with the reality that at some point, you’re just going to need to write some code. Your typical SSIS package starts as a straightforward process that quickly turns into a sprawling mix of spaghetti-fied .NET code, T-SQL stored procedures, and developer tears.

TJ L. inherited an SSIS package. This particular package contained a step where a C# sub-module needed to pass a date (but not a date-time) to the database. Now, this could be done easily by using C#’s date-handling objects, or even in the database by simply using the DATE type, instead of the DATETIME type.

Instead, TJ’s predecessor took this route:

CREATE PROC [dbo].[SetAsOfDate]
        @Date datetime = NULL
AS
BEGIN
        -- Only the header and the CASE arms below survived extraction; the
        -- statements around them are reconstructed from the description that
        -- follows, which names a NULL check, a pre-1950 check and the cast.
        SET @Date = CASE
                        WHEN @Date IS NULL THEN GETDATE()
                        ELSE @Date
                    END

        IF @Date < '1950-01-01'
                SET @Date = GETDATE()

        -- Strip the time of day: a DATETIME cast to FLOAT is days since
        -- 1900-01-01 with the time as the fractional part, so FLOOR drops it.
        SET @Date = CAST(FLOOR(CAST(@Date AS FLOAT)) AS DATETIME)

        -- the rest of the procedure, which uses @Date, is not shown on the page
END


The good about this code is that it checks its input parameters. That’s defensive programming. The ugly is the less-than-1950 check, which I can only assume is a relic of some Y2K bugfixes. The bad is the `CAST(FLOOR(CAST(@Date AS FLOAT)) AS DATETIME)`: it works only because SQL Server stores a DATETIME as a day count plus a fractional day, it is unreadable to anyone who doesn’t know that, and it breaks the moment someone changes the parameter to DATETIME2 or DATE, neither of which converts to FLOAT. `CAST(@Date AS DATE)` says what it means and has been available since SQL Server 2008.


XKCD Wifi vs Cellular

July 18, 2017

Worse Than Failure The Little Red Button

Bryan T. had worked for decades to amass the skills, expertise and experience to be a true architect, but never quite made the leap. Finally, he got a huge opportunity in the form of an interview with a Silicon Valley semi-conductor firm project manager who was looking for a consultant to do just that. The discussions revolved around an application that three developers couldn't get functioning correctly in six months, and Bryan was to be the man to rein it in and make it work; he was lured with the promise of having complete control of the software.

The ZF-1 pod weapon system from the Fifth Element

Upon starting and spelunking through the code-base, Bryan discovered the degree of total failure that caused them to yield complete control to him. It was your typical hodgepodge of code slapped together with anti-patterns, snippets of patterns claiming to be the real deal, and the usual Assortment-o-WTF™ we've all come to expect.

Once he recognized the futility of attempting to fix this mess, Bryan scrapped it and rewrote it as a full-blown modular and compositional application, utilizing MVVM, DDD, SOA, pub/sub; the works. Within three weeks, he had it back to the point it was when he started, only his version actually worked.

While he had righted the sinking ship, it was so successful that the project team started managing it, which proved to be its undoing.

Given the sudden success of the project, the department head committed the application to all the divisions company wide within three quarters - without informing Bryan or anyone else on the team. After all, it's not like developers need to plan for code and resource scalability issues beyond the original design requirements or anything.

We've read countless stories about how difficult it is to work with things like dates and even booleans, but buttons are pretty much solidly understood. Some combination of text, text+image or just image, and an onAction callback pretty much covers it. Oh sure, you can set fg/bg colors and the font, but that's usually to just give visual clues. Unfortunately, buttons would be the beginning of a downward spiral so steep, that sheer inertia would derail the project.

The project manager decided that images were incredibly confusing, so all buttons should have text instead of icons. Bryan had created several toolbars (because ribbons were shot down already) which, according to management, made the application unusable. In particular, there was a fairly standard user icon with a pencil bullet that was meant to (as you might have guessed) edit users...

  Manager:  So I looked at it with Lisa and she had no clue what it was.  
            It was so confusing that no one would ever be able to use our 
            application with it.  Buttons should all be text and not images!

OK, let’s forget that ribbons and toolbars have been an application standard for decades now; let’s focus on how confusing this really is. To that end, Bryan did the nanny test. He asked his nanny what she thought it meant and she thought that the button had something to do with people. Awesome, on the ball! After explaining what it did she agreed it made sense.

  Bryan: How about we explain it to the users and add a tooltip?
  Mgr:   Tooltips take way too long to display and it’s still 
         incredibly confusing – no one would remember it. We
         don't want people pressing the wrong buttons!
         And why are some of the buttons different colors than others?

Bryan wasn't sure if the manager realized how stupidly he was treating his users, if he was just oblivious, or if he was just pushing for his personal preference. In the end, all the toolbars were removed and the icons were replaced with text. This left an application with assorted colored buttons with text. Unfortunately, some of the buttons were so small that the text got displayed as a truncated string. Also, no amount of explanation could get across that color, too, carries meaning (think traffic lights).

As his opinion in UI matters dwindled to nothing over the next couple of months, one of the four BA’s on the team of six pinged Bryan for a meeting about scalability. He wanted to make sure that the project was scalable for the next three quarters. Enter the Holy Hell Twilight Zone moment in the land where no ribbons or toolbars exist, as the project manager was also involved.

  Mgr:   I’ve got to make sure we have everything we need to 
         scale for the next three quarters.
  Bryan: I can’t get the project manager to commit to lay out
         three weeks of planning for development. I can’t even 
         begin to guess if we have what we need for the next three 
  Mgr:   Well the vice president has a commitment to deploy this 
         to all divisions in the company within three quarters and 
         I’m tasked to make sure we have what we need.

Now Bryan could make up statistics better than 84.3% of people, but what was asked was impossible to determine. Additionally there was a flat out refusal to even vaguely commit to development more than a week or two in advance, so there was heavy resistance just to get the information needed to try!

At this point in time, Bryan felt the need to bail out, but before he left town he grabbed his prized coffee mug from the office. He wasn’t going to be back in town for at least three weeks and from his prior experiences he knew where this was going.

Of course the guy who originally sank the ship in the first place had a true killer instinct, apparently knew better than Bryan and was left to steer the ship again. All these problems and issues that Bryan saw coming were either over exaggerations or without merit. The project manager felt so comfortable with the architecture and frameworks that Bryan put in place that he felt confident that there was absolutely nothing that he couldn’t handle. After all, he now had the buttons he wanted and understood. Bryan repeatedly asked if he wanted code walkthroughs and was denied. He didn't need to know what the different colors on the buttons were for. Bryan was even given 40 free consulting hours and even told not to check in his latest bug fixes.

Bryan sent his final farewell with a picture of him drinking from his coffee mug at home and out of state.

A real killer, when handed the ZF-1, would've immediately asked about the little red button on the bottom of the gun.


July 17, 2017

XKCD City Nicknames

July 14, 2017


July 05, 2017

Tim Bray Bye, Rune

She was a purebred (Bengal) actually, with a formal name: Bellsangels Rune, and a pedigree. Born March 23, 1998, departed this life June 23rd, 2017, aetat 19 years and 3 months. She predated our children and digital cameras and this is the only obit she’ll get, so it’ll be lengthy. But not unamusing I hope, full of stories, and bookended by baseball.

Bellsangels Rune

The “Rune” is because when she arrived the senior housecat was named “Bodoni” after the typeface, and we failed to find a font we fancied with a feminine feline name; since she was skinny and angular “Rune” seemed OK. Our next-door neighbor called her “Rooney” and there was no point correcting him.

We bought a fancy cat because we were mad at the Humane Society for sending us home with Millie the kitten, who turned out to have distemper and died in 48 hours. Which prevented us from adopting another for a full year, to avoid lingering microbes.

Rune was the best cat ever, but the fancy-cat-acquisition process gets you into pretty weird territory. Her breeders were in a distant suburb, in a big carpet-free house full of kittens and a morose Great Dane, eye bandaged due to kitten-stab.

Also they operated a cat hotel which we patronized a few times while traveling. Its rooms were themed: I only remember the Bridal Suite and the Sports Bar (walls lined with real booze in miniatures). They’d come and pick the boarders up in an old limo with a huge stuffed tiger in the back.

They never, even once, used the word “cat” — “kitty” and only “kitty”.

One time I asked them if they showed their cats and they said No; that they’d found the people who show cats were a little on the strange side.

Rune on a rafter

A very early digital photograph, captured in December 1998
on a miserable little 640x480 first-generation digicam.

Above, Rune’s on our exposed upstairs rafters; she leaped from one to the next for pure fun. It felt a bit odd betimes, when she’d park on the rafter over the shower and admire your scrubbing technique; I guess she liked the steam.

She was lethal in her youth, the terror of the local rodents and even biggish birds. One time she and I were chilling on the front steps when a crow landed on the neighbor’s porch railing to caw at us with attitude. On the third caw Rune was down the stairs, through the hedge, up the side of that porch, and the crow’s leg was in her jaws, before the bird or I could react. But she was a small cat and it was a big crow. I intervened to put the bird into the fork of a big tree and the cat inside. Maybe the crow survived.

The other crows learned. In her prime, it was super-annoying the way they’d appoint a posse to follow her around the neighborhood, perch on wires and trees, and squawk at top volume when you were trying to have a conversation or listen to music. She hunched and looked oppressed, but I didn’t feel that sorry for her.

Rune on a van

Rune has captured the neighbor’s van
and is wondering what to do with it.

She was a people cat. Unfortunately the three-to-five humans co-resident during her tenure were not nearly enough to meet her needs, so she adopted the neighborhood. The guy who called her “Rooney” is a little bit gruff and territorial; but eventually accepted that if the door was open, she’d be in to look for a lap or a handout.

This was mostly OK; but another neighbor (with whom we carpooled kids to school), seemed embarrassed not outraged when she confessed that Rune had sent her cat to the vet with abscessed wounds.

My personal fave episode was when she visited the upstairs next-door neighbors, which was OK but they forgot she was there and went out. After a while she became upset, which she expressed by pushing objects out their open bathroom window to the pavement two stories below; I think none survived.

Her magic, once again: Nobody complained. I guess they thought it was their fault.


Rune was occasionally a poor citizen of the household; sometimes maliciously so. In her view, the greatest sin, punishable by targeted peeing (more below), was ignoring her.

But the only time she drove me to violence (against any living mammal since I turned 18) was the Great Reshelving. We’d reorganized our shelves in a way that required that the books all be taken out, stacked on the floor, then replaced. This is an onerous task. Our shelves are deeper than strictly necessary, and Rune figured out she could get behind the books on a half-filled shelf and push them loudly out on the floor. What could be more fun?

Dear Reader, I must confess that, after a certain number of gleeful deshelvings, she impacted the sofa (soft, mind you) at fairly high speed and, on the rebound, failed to plant a clean landing on the hardwood. She glared at me and left the room in what P.G. Wodehouse used to call a Very Marked Way. Which she had to, because I glared back with intent.

In this case I have evidence. Here she is, disrupting the “T” section. Fortunately, she never actually realized that the volumes of Gibbon were separable as opposed to just a catwalk.

Rune displacing books

Peeing with intent

This was her worst, purely malicious, sin. She understood the cat litter (and of course the garden outside) perfectly well. But if, when aggrieved (as in, left alone in the house for too many hours), she discovered a garment left on the floor near an attractive perch, she would perch, cock her tail, and express her smelly feelings with perfect aim from as far as several feet away.

“Well,” I lectured the children in a superior moral tone, “what can you expect if you leave your things lying on the floor all sloppy like that?” Having, of course, first suppressed the evidence of my own befouled knapsack.

Table raider

Another major sin. All the cats who’ve lived with us understood that We Do Not Feed Pets From The Table. The kids learned this early too. As did Rune, but she just didn’t care. If you got up, leaving a pork chop or chicken kebab on your plate, and foolishly didn’t push your chair in, you probably wouldn’t get to eat the rest of it.

Once again, I have photographic evidence.

Rune and boy

In this case, the meat is mostly gone from the plate,
so Rune is immune from instant banishment.
We both understood the rules of the game.

That, by the way, is my son, then aged ten, who just graduated from high school and may make a named appearance in this space soon if he wants to.

The best pictures of Rune are all looking up at her, because of course she enjoyed looking down on us.

Rune looking down Rune looking down

I’ll miss her awfully. But so far I’ve left out her purest love.

Video cat

From a cat’s point of view you can’t beat a TV binge, be it baseball or Miyazaki or long-narrative-arc series, because the humans’ thighs are horizontally immobilized on the sofa. She enjoyed us watching (to name a few) Lost and Battlestar Galactica and The Wire and Deep Space Nine and Orphan Black, rarely missing an episode.

Sometimes, knitting was involved.

Rune watching TV

Not watching out for Cylons.

Baseball brackets

Her end came fast; she’d been going downhill for months, but with little pain it seemed, and then one morning her back legs didn’t work, a blood-clot they said and not reversible, so the decision was easy. My son and I took her to the vet and held her warm while she died.

Neither kid had known a time without Rune, so it was a pretty gloomy household. Casting about the next day, I noticed a minor-league baseball game at the park ten blocks from us, so we went.

Minor-league baseball the day after Rune died

Rune had left us gradually, her illnesses mounting; I’d been dealing OK with the grief. But then I remembered a scene from the late summer of 1999 that our friend Kim photographed on film; a bit low-rez, but look at it anyhow.


We’d taken our new baby (the same kid you saw above) to a ballgame, strapped to my chest. It all went OK, the child pretty drowsy, till the home team made a brilliant double play in the second. I leaped up and clapped and cheered, and the poor little guy woke up, panicked, and howled fiercely, much to the amusement of my fellow fans: Spot the rookie Dad.

Whatever, we were going home with our new baby and our little cat would be happy to see us. Shortly after I took that 2017 ballpark photo, I thought of the other, and the empty house we’d be coming home to. I’m pretty sure nobody saw me weeping into my hot dog for a departed friend.

Tonight, I put on a high-tech fleece in the after-dinner summer cool and noticed it still had cat hairs on it in multiple shades of brown. I’m not putting it in the laundry any time soon.

June 30, 2017

Tim Bray Map Review Fear

My daughter had a swollen infected face on a holiday morning, so I looked up nearby walk-in clinics on Google Maps. The one I picked was deserted, efficient, and kind. Afterward, without even thinking about it, I tapped a good review into the map. Then I wondered if I might be part of a really big problem.

On Google

I’m still broadly in sympathy with Google’s efforts on the Internet, which have mostly made it better. And they’re so easy to understand: They want everyone to be online all the time to see ads, ideally on a Google property where they don’t have to divvy the take.

Autonomous vehicles? Online while driving. Google Glass? Online while walking. Blogspot? Gmail? Maps? YouTube? Whatever you’re doing, do it here please.

On reviews

Crowdsourced reviews are, on balance, a Good Thing. Sure, for anything you care deeply about, there are specialist pubs with writing by educated pros: DPReview, Wirecutter, Stereophile, and so on.

But for shopping sites, travel sites, anything sites, a good review infrastructure that inspires trust is a huge value-add.

But, for hardware stores? Clinics? Gastropubs? In fact, anything you use a map for? It dawns on me that I’ve started consulting those reviews that pop up on every map search; because they’re useful. And now, I’ve written one. And did Google ever let me know they were happy; unctuous thanks, gentle encouragement to do it again.

Google’s dominance in the map space never bothered me because the product, by and large, is very good. Maps would be very near the top of any list of apps I value and use the most. But the potential commercial power in that review inventory is awesomely, frighteningly, high. I thought of a few ways you might monetize it and they all left bad tastes in my mouth. On top of which, it’s a moat around Maps, making it hard for a competitive technology — this is the first generation of online mapping, of course there are huge improvements to come — to get a foothold.

Me declining to review places won’t bend any curves. But now I don’t feel so good about doing it.

April 17, 2017

etbe More KVM Modules Configuration

Last year I blogged about blacklisting a video driver so that KVM virtual machines didn’t go into graphics mode [1]. Now I’ve been working on some other things to make virtual machines run better.

I use the same initramfs for the physical hardware as for the virtual machines. So on the VMs I need to remove the modules that are only needed for booting the physical hardware, as well as other modules that get dragged in by systemd and other things. One significant saving from this is that I use BTRFS for the physical machine and the BTRFS driver takes 1M of RAM!

The first thing I did to reduce the number of modules was to edit /etc/initramfs-tools/initramfs.conf and change “MODULES=most” to “MODULES=dep”. This significantly reduced the number of modules loaded and also stopped the initramfs from probing for a non-existent floppy drive, which added about 20 seconds to the boot. Note that this will result in your initramfs not supporting different hardware. So if you plan to take a hard drive out of your desktop PC and install it in another PC this could be bad for you, but for servers it’s OK as that sort of upgrade is uncommon for servers and only done with some planning (such as creating an initramfs just for the migration).

I put the following rmmod commands in /etc/rc.local to remove modules that are automatically loaded:
rmmod btrfs
rmmod evdev
rmmod lrw
rmmod glue_helper
rmmod ablk_helper
rmmod aes_x86_64
rmmod ecb
rmmod xor
rmmod raid6_pq
rmmod cryptd
rmmod gf128mul
rmmod ata_generic
rmmod ata_piix
rmmod i2c_piix4
rmmod libata
rmmod scsi_mod

In /etc/modprobe.d/blacklist.conf I have the following lines to stop drivers being loaded. The first line is to stop the video mode being set and the rest are just to save space. One thing that inspired me to do this is that the parallel port driver gave a kernel error when it loaded and tried to access non-existent hardware.
blacklist bochs_drm
blacklist joydev
blacklist ppdev
blacklist sg
blacklist psmouse
blacklist pcspkr
blacklist sr_mod
blacklist acpi_cpufreq
blacklist cdrom
blacklist tpm
blacklist tpm_tis
blacklist floppy
blacklist parport_pc
blacklist serio_raw
blacklist button

On the physical machine I have the following in /etc/modprobe.d/blacklist.conf. Most of this is to prevent loading of filesystem drivers when making an initramfs. I do this because I know there’s never going to be any need for CDs, parallel devices, graphics, or strange block devices in a server room. I wouldn’t do any of this for a desktop workstation or laptop.
blacklist ppdev
blacklist parport_pc
blacklist cdrom
blacklist sr_mod
blacklist nouveau

blacklist ufs
blacklist qnx4
blacklist hfsplus
blacklist hfs
blacklist minix
blacklist ntfs
blacklist jfs
blacklist xfs
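
A check I would add alongside the lists above, as an added example that is not part of the post: it takes a saved lsmod listing and the post's rc.local rmmod list, reports which listed modules are loaded, works out an order in which rmmod will actually succeed, and prints modprobe.d "install" lines for modules that must never load. The lsmod text is a constructed sample for a hypothetical VM, not output from the author's machines.

```shell
#!/bin/sh
# Added example, not taken from the post: check a saved lsmod listing against
# the post's rmmod list, work out an order in which rmmod will succeed, and
# emit modprobe.d lines that block a module harder than "blacklist" does.
#
# Two caveats the post leaves implicit:
#  * rmmod refuses a module that another loaded module still uses, so the
#    rc.local list only works with dependents first (ata_piix before libata
#    before scsi_mod), and a module held by something outside the list
#    (here scsi_mod, held by sd_mod) cannot be removed at all.
#  * "blacklist foo" only stops autoloading by alias (see modprobe.d(5)); a
#    load requested by name or as a dependency still succeeds, whereas
#    "install foo /bin/false" makes that load fail too.

# The modules the post removes from /etc/rc.local, in the post's order.
RC_LOCAL_RMMOD="btrfs evdev lrw glue_helper ablk_helper aes_x86_64 ecb xor raid6_pq cryptd gf128mul ata_generic ata_piix i2c_piix4 libata scsi_mod"

# Constructed lsmod output for a hypothetical VM (not captured from a machine).
SAMPLE_LSMOD='Module                  Size  Used by
btrfs                1105920  0
xor                    24576  1 btrfs
raid6_pq              110592  1 btrfs
ata_generic            16384  0
ata_piix               36864  0
libata                270336  2 ata_generic,ata_piix
scsi_mod              237568  2 libata,sd_mod
sd_mod                 49152  3
ext4                  704512  1
virtio_net             40960  0'

# loaded_from_list LSMOD_TEXT MODULE...: print each listed module that is
# present in the lsmod text, one per line, in list order.
loaded_from_list() {
    lsmod_text=$1; shift
    for m in "$@"; do
        if printf '%s\n' "$lsmod_text" |
           awk -v m="$m" 'NR > 1 && $1 == m { found = 1 } END { exit found ? 0 : 1 }'; then
            printf '%s\n' "$m"
        fi
    done
}

# module_users LSMOD_TEXT MODULE: print the modules holding a reference to
# MODULE (lsmod's "Used by" names), space separated; empty if none. Only named
# holders are seen: a refcount from a mount or an open device has no name here.
module_users() {
    printf '%s\n' "$1" | awk -v m="$2" 'NR > 1 && $1 == m { print $4 }' | tr ',' ' '
}

# removal_order LSMOD_TEXT MODULE...: print the loaded listed modules in an
# order rmmod can execute, each one after every listed module that uses it.
# A module held by a module outside the list is reported on stderr, skipped,
# and keeps holding whatever it uses, so those are skipped too.
removal_order() {
    lsmod_text=$1; shift
    remaining=$(loaded_from_list "$lsmod_text" "$@")
    removed=""
    while [ -n "$remaining" ]; do
        progressed=0
        for m in $remaining; do
            state=ready
            for u in $(module_users "$lsmod_text" "$m"); do
                case " $removed " in *" $u "*) continue ;; esac
                case " $(echo $remaining) " in
                    *" $u "*) state=wait ;;
                    *) state="held by $u"; break ;;
                esac
            done
            [ "$state" = wait ] && continue
            if [ "$state" = ready ]; then
                printf '%s\n' "$m"; removed="$removed $m"
            else
                echo "$m: $state, which is not in the list; cannot rmmod" >&2
            fi
            remaining=$(printf '%s\n' $remaining | awk -v m="$m" '$0 != m')
            progressed=1; break
        done
        [ "$progressed" -eq 1 ] || { echo "dependency cycle among: $remaining" >&2; return 1; }
    done
}

# install_false_conf MODULE...: modprobe.d lines that make any load attempt
# fail, for modules that must never appear (bochs_drm, floppy, tpm, ...).
install_false_conf() {
    for m in "$@"; do printf 'install %s /bin/false\n' "$m"; done
}

# Stand-alone demo against the constructed sample.
removal_order "$SAMPLE_LSMOD" $RC_LOCAL_RMMOD
install_false_conf bochs_drm floppy tpm tpm_tis
```

On a real VM, feed it "$(lsmod)" instead of the sample and put the printed order into rc.local; the stderr lines tell you which entries in the list can never be removed while something else holds them.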

February 06, 2017

etbe SE Linux in Debian/Stretch

Debian/Stretch has been frozen. Before the freeze I got almost all the bugs in policy fixed, both bugs reported in the Debian BTS and bugs that I know about. This is going to be one of the best Debian releases for SE Linux ever.

Systemd with SE Linux is working nicely. The support isn’t as good as I would like; there is still work to be done for systemd-nspawn. But it’s close enough that anyone who needs to use it can use audit2allow to generate the extra rules needed. Systemd-nspawn is not used by default and it’s not something that a new Linux user is going to use; I think that expert users who are capable of using such features are capable of doing the extra work to get them going.

In terms of systemd-nspawn and some other rough edges, the issue is the difference between writing policy for a single system vs writing policy that works for everyone. If you write policy for your own system you can allow access for a corner case without a lot of effort. But if I wrote policy to allow access for every corner case then they might add up to a combination that can be exploited. I don’t recommend blindly adding the output of audit2allow to your local policy (be particularly wary of access to shadow_t and write access to etc_t, lib_t, etc). But OTOH if you have a system that’s running in enforcing mode that happens to have one daemon with more access than is ideal then all the other daemons will still be restricted.
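
A screening step for the audit2allow output mentioned above, added here as an example and not part of the post: it flags any rule touching shadow_t and any rule giving write-type access to etc_t or lib_t, so those get a human decision before the module is built and loaded. The .te text is a constructed sample (httpd_t is just the source type chosen for it), and the set of permissions counted as write access is my choice, not anything taken from the policy.

```shell
#!/bin/sh
# Added example, not from the post: screen an audit2allow-generated .te file
# for the rule shapes the post says to be wary of (any access to shadow_t,
# write-type access to etc_t or lib_t) before merging it into local policy.
# Handles the one-line forms audit2allow emits:
#   allow SRC TGT:CLASS PERM;
#   allow SRC TGT:CLASS { PERM PERM ... };

# Constructed sample of audit2allow output (not from a real system).
SAMPLE_TE='module local 1.0;

require {
        type httpd_t;
        type shadow_t;
        type etc_t;
        type var_log_t;
        class file { read write open getattr };
}

#============= httpd_t ==============
allow httpd_t var_log_t:file { read open };
allow httpd_t etc_t:file write;
allow httpd_t shadow_t:file { read open getattr };'

# Target types the post singles out for write access, and the permissions
# that amount to modifying them (a judgement call; extend as needed).
RISKY_WRITE_TYPES="etc_t lib_t"
WRITE_PERMS="write append create unlink rename setattr link relabelto"

# flag_rules TE_TEXT: print one line per rule needing a human decision, as
# "<reason>: <rule>"; prints nothing when no rule matches.
flag_rules() {
    printf '%s\n' "$1" | awk -v types="$RISKY_WRITE_TYPES" -v perms="$WRITE_PERMS" '
        BEGIN {
            n = split(types, t, " "); for (i = 1; i <= n; i++) risky[t[i]] = 1
            n = split(perms, w, " "); for (i = 1; i <= n; i++) writep[w[i]] = 1
        }
        $1 != "allow" { next }
        {
            split($3, tc, ":"); tgt = tc[1]          # "etc_t:file" -> etc_t
            if (tgt == "shadow_t") { print "shadow_t any-access: " $0; next }
            if (!(tgt in risky)) next
            # Permission list is everything after the class, braces removed.
            plist = $0
            sub(/^allow[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", plist)
            gsub(/[{};]/, " ", plist)
            n = split(plist, p, " ")
            for (i = 1; i <= n; i++)
                if (p[i] in writep) { print tgt " write-access: " $0; next }
        }'
}

# Stand-alone demo against the constructed sample.
flag_rules "$SAMPLE_TE"
```

Run it as flag_rules "$(cat local.te)" on the file audit2allow wrote; an empty result means nothing in it matches the post's warning, not that the rest of the rules are harmless.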

As with previous releases, I plan to keep releasing updates to policy packages in my own apt repository. I’m also considering releasing policy source for updates that can be applied on existing Stretch systems. So if you want to run the official Debian packages but need updates that came after Stretch then you can get them. Suggestions on how to distribute such policy source are welcome.

Please enjoy SE Linux on Stretch. It’s too late for most bug reports regarding Stretch as most of them won’t be sufficiently important to justify a Stretch update. The vast majority of SE Linux policy bugs are issues of denying wanted access not permitting unwanted access (so not a security issue) and can be easily fixed by local configuration, so it’s really difficult to make a case for an update to Stable. But feel free to send bug reports for Buster (Stretch+1).

December 24, 2016

etbe Video Mode and KVM

I recently changed my KVM servers to use the kernel command-line parameter nomodeset for the virtual machine kernels so that they don’t try to go into graphics mode. I do this because I don’t have X11 or VNC enabled and I want a text console to use with the -curses option of KVM. Without the nomodeset KVM just says that it’s in 1024*768 graphics mode and doesn’t display the text.

Now my KVM server running Debian/Unstable has had its virtual machines start going into graphics mode in spite of the nomodeset parameter. It seems that an update to QEMU has added a new virtual display driver which recent kernels from Debian/Unstable support with the bochs_drm driver, and that driver apparently doesn’t respect nomodeset.

The solution is to create a file named /etc/modprobe.d/blacklist.conf with the contents “blacklist bochs_drm”, and now my virtual machines have a usable plain-text console again! This blacklist method works for all video drivers; you can blacklist similar modules for the other virtual display hardware. But it would be nice if the one kernel option would cover them all.

November 06, 2016

etbe Is a Thinkpad Still Like a Rolls-Royce

For a long time the Thinkpad has been widely regarded as the “Rolls-Royce of laptops”. Since 2003 one could argue that Rolls-Royce is no longer the Rolls-Royce of cars [1]. The way that IBM sold the Think business unit to Lenovo and the way that Lenovo is producing both Thinkpads and cheaper Ideapads is somewhat similar to the way the Rolls-Royce trademark and car company were separately sold to companies that are known for making cheaper cars.

Sam Varghese has written about his experience with Thinkpads and how he thinks it’s no longer the Rolls-Royce of laptops [2]. Sam makes some reasonable points to support this claim (one of which only applies to touchpad users – not people like me who prefer the Trackpoint), but I think that the real issue is whether it’s desirable to have a laptop that could be compared to a Rolls-Royce nowadays.


The Rolls-Royce car company is known for great reliability and support as well as features that other cars lack (mostly luxury features). The Thinkpad marque (both before and after it was sold to Lenovo) was also known for great support. You could take a Thinkpad to any service center anywhere in the world and if the serial number indicated that it was within the warranty period it would be repaired without any need for paperwork. The Thinkpad service centers never had any issue with repairing a Thinkpad that lacked a hard drive just as long as the problem could be demonstrated. It was also possible to purchase an extended support contract at any time which covered all repairs including motherboard replacement. I know that not everyone had as good an experience as I had with Thinkpad support, but I’ve been using them since 1998 without problems – which is more than I can say for most hardware.

Do we really need great reliability from laptops nowadays? When I first got a laptop hardly anyone I knew owned one. Nowadays laptops are common. Having a copy of important documents on a USB stick is often a good substitute for a reliable laptop; when you are in an environment where most people own laptops it’s usually not difficult to find someone who will let you use theirs for a while. I think that there is a place for a laptop with RAID-1 and ECC RAM; it’s a little-known fact that Thinkpads have a long history of supporting the replacement of a CD/DVD drive with a second hard drive (I don’t know if this is still supported), but AFAIK they have never supported ECC RAM.

My first Thinkpad cost $3,800. In modern money that would be something like $7,000 or more. For that price you really want something that’s well supported to protect the valuable asset. Sam complains about his new Thinkpad costing more than $1000 and needing to be replaced after 2.5 years. Mobile phones start at about $600 for the more desirable models (i.e. anything that runs Pokemon Go) and the new Google Pixel phones range from $1079 to $1,419. Phones aren’t really expected to be used for more than 2.5 years. Phones are usually impractical to service in any way so for most of the people who read my blog (who tend to buy the more expensive hardware) they are pretty much a disposable item costing $600+. I previously wrote about a failed Nexus 5 and the financial calculations for self-insuring an expensive phone [3]. I think there’s no way that a company can provide extended support/warranty while making a profit and offering a deal that’s good value to customers who can afford to self-insure. The same applies for the $499 Lenovo Ideapad 310 and other cheaper Lenovo products. Thinkpads (the higher end of the Lenovo laptop range) are slightly more expensive than the most expensive phones but they also offer more potential for the user to service them.


My first Thinkpad was quite underpowered when compared to desktop PCs, it had 32M of RAM and could only be expanded to 96M at a time when desktop PCs could be expanded to 128M easily and 256M with some expense. It had a 800*600 display when my desktop display was 1280*1024 (37% of the pixels). Nowadays laptops usually start at about 8G of RAM (with a small minority that have 4G) and laptop displays start at about 1366*768 resolution (51% of the pixels in a FullHD display). That compares well to desktop systems and also is capable of running most things well. My current Thinkpad is a T420 with 8G of RAM and a 1600*900 display (69% of FullHD), it would be nice to have higher resolution but this works well and it was going cheap when I needed a new laptop.

Modern Thinkpads don’t have some of the significant features that older ones had. The legendary Butterfly Keyboard is long gone, killed by the wide displays that economies of scale and 16:9 movies have forced upon us. It’s been a long time since Thinkpads had some of the highest resolution displays and since anyone really cared about it (you only need pixels to be small enough that you can’t see them).

For me one of the noteworthy features of the Thinkpads has been the great keyboard. Mechanical keys that feel like a desktop keyboard. It seems that most Thinkpads are getting the rubbery keyboard design made popular by Apple. I guess this is due to engineering factors in designing thin laptops and the fact that most users don’t care.

Matthew Garrett has blogged about the issue of Thinkpad storage configured as “RAID mode” without any option to disable it [4]. This is an annoyance (which incidentally has been worked around) and there are probably other annoyances like it. Designing hardware and an OS are both complex tasks. The interaction between Windows and the hardware is difficult to get right from both sides and the people who design the hardware often don’t think much about Linux support. It has always been this way, the early Thinkpads had no Linux support for special IBM features (like fan control) and support for ISA-PnP was patchy. It is disappointing that Lenovo doesn’t put a little extra effort into making sure that Linux works well on their hardware and this might be a reason for considering another brand.

Service Life

I bought my current Thinkpad T420 in October 2013 [5]. It’s more than 3 years old and has no problems even though I bought it refurbished with a reduced warranty. This is probably the longest I’ve had a Thinkpad working well, which seems to be a data point against the case that modern Thinkpads aren’t as good.

I bought a T61 in February 2010 [6], it started working again (after mysteriously not working for a month in late 2013) and apart from the battery lasting 5 minutes and a CPU cooling problem it still works well. If that Thinkpad had cost $3,800 then I would have got it repaired, but as it cost $796 (plus the cost of a RAM upgrade) and a better one was available for $300 it wasn’t worth repairing.

In the period 1998 to 2010 I bought a 385XD, a 600E, a T21, a T43, and a T61 [6]. During that time I upgraded laptops 4 times in 12 years (I don’t have good records of when I bought each one). So my average Thinkpad has lasted 3 years. The first 2 were replaced to get better performance, the 3rd was replaced when an employer assigned me a Thinkpad (and sold it to me when I left), and 4 and 5 were replaced due to hardware problems that could not be fixed economically given the low cost of replacement.


Thinkpads possibly don’t have the benefits over other brands that they used to have. But in terms of providing value for the users it seems that they are much better than they used to be. Until I wrote this post I didn’t realise that I’ve broken a personal record for owning a laptop. It just keeps working and I hadn’t even bothered looking into the issue. For some devices I track how long I’ve owned them while thinking “can I justify replacing it yet”, but the T420 just does everything I want. The battery still lasts 2+ hours which is a new record too, with every other Thinkpad I’ve owned the battery life has dropped to well under an hour within a year of purchase.

If I replaced this Thinkpad T420 now it would have cost me less than $100 per year (or $140 per year including the new SSD I installed this year), that’s about 3 times better than any previous laptop! I wouldn’t feel bad about replacing it as I’ve definitely got great value for money from it. But I won’t replace it as it’s doing everything I want.

I’ve just realised that by every measure (price, reliability, and ability to run all software I want to run) I’ve got the best Thinkpad I’ve ever had. Maybe it’s not like a Rolls-Royce, but I’d much rather drive a 2016 Tesla than a 1980 Rolls-Royce anyway.

November 18, 2014

Kelvin Lawrence - personal 25 Years of the World Wide Web

I have been so busy that I am a few days late putting this post together but hopefully better late than never!

A few days ago, hard though it is to believe, the Worldwide Web, that so many of us take for granted these days, celebrated its 25th anniversary. Created in 1989 by Sir Tim Berners-Lee, for many of us, "Web" has become as essential in our daily lives as electricity or natural gas. Built from its earliest days upon the notion of open standards the Web has become the information backbone of our current society. My first exposure, that I can remember, to the concept of the Web was in the early 1990s when I was part of the OS/2 team at IBM and we put one of the earliest browsers, Web Explorer, into the operating system and shipped it. Back then, an HTML web page was little more than text, images, animated GIFs and most importantly of all hyperlinks. I was also involved with the team that did some of the early ports of Netscape Navigator to OS/2 and I still recall being blown away by some of what I saw that team doing upon some of my many visits to Netscape in California what seems like a lifetime ago now!

From those modest but still highly effective beginnings, the Web and most importantly perhaps, the Web browser, has evolved into the complete business and entertainment platform that it is today.

The Web, and open standards, have been part of my personal and work life ever since. I am honored to have been a small part of the evolution of the web myself. I have worked on a number of different projects with great people from all over the World under the auspices of the W3C for longer than I care to remember! I have done a lot of fun things in my career, but one of the highlights was definitely working with so many talented people on the original Scalable Vector Graphics (SVG) specification which is now supported by most of the major browsers and of course you can find my library of SVG samples here on my site.

It is also so fitting that the latest evolution of Web technology, the finished HTML 5 specification was announced to coincide with the 25th anniversary of the Web.

I could write so much more about what the Web has meant to me but most of all I think my fondest memory will always be all of the great friends I have met and the large number of very talented people that I have had the good fortune to work with through our joint passion to make the Web a better and even more open, place.

Happy (slightly belated) Birthday Worldwide Web and here's to the next 25!

November 13, 2014

Kelvin Lawrence - personal Asian Tiger Mosquitoes

The weather has been unusually cold for the time of year the last day or so. I was actually hoping that if we get a hard freeze it will kill off for now the Asian Tiger mosquitoes that we have been overrun with this year. However I have my doubts as apparently, unlike other mosquitoes, their eggs, which they lay in vegetation and standing water, can survive a harsh winter. They apparently got into the USA in a shipment of waterlogged tires (tyres for my UK friends) some time ago and they are now spreading more broadly. They are covered in black and white stripes and look quite different than the regular "brown" colored mosquitoes we are used to seeing here. They are also a lot more aggressive. They bite all day long (not just at dusk) and even bite animals but definitely prefer humans. It has got so bad that we have had to pay to have our yard sprayed regularly almost all year so that we even have a chance to sit outside and enjoy our yard. These nasty little guys also transmit the chikungunya virus for which I currently believe there is no vaccine. It's not usually fatal but does have some nasty symptoms if you are unlucky enough to catch it. Here's a link to a WebMD write up on these little nasties.

November 12, 2014

Kelvin Lawrence - personal Pink Floyd's Endless River - The End of an Era

I just purchased the new Pink Floyd CD from Amazon which includes a free digital download as well. I have been listening to it while I work today. Given the way the album was put together (using material the late Richard Wright recorded almost 20 years ago during the making of The Division Bell) much of the music is immediately familiar. I definitely also hear flashbacks to Wish You Were Here, Dark Side of the Moon and many other albums as well. It's mostly instrumental and there is a lot of it - four sides if you buy the vinyl version!! A lot of the music has an almost eerie tone to it - definitely a good one for the headphones with the lights off. It's a really good listen but left me feeling sad in a way, in a good way I guess, as much of their music has been the backdrop to the last 40 years or so of my life and this is definitely the end of a musical era as supposedly this is the last album the band plan to release. It has a bit of everything for Pink Floyd fans, especially those who like some of the "more recent" albums. Don't expect a bunch of rocking songs that you will be humming along to all day but as a complete work, listened to end to end, I found it very moving. Very much not your modern day pop tune and thank goodness for that!

October 26, 2014

Kelvin Lawrence - personal Seven years post cancer surgery

Today marks another big milestone for me. It has now been seven years since my cancer surgery. As always, I am grateful for all of my family, friends and doctors and every minute that I get to spend with them.

June 03, 2009

Software Summit June 3, 2009: The Finale of Colorado Software Summit

To Our Friends and Supporters,

In these challenging economic times, business has slowed, many companies have had to resort to layoffs and/or closures, and everyone has been tightening their belts. Unfortunately, Colorado Software Summit has not been immune to this downturn. As have so many companies and individuals, we too have experienced a severe decline in our business, and as a result we are not able to continue producing this annual conference.

This year would have been our 18th conference, and we had planned to continue through our 20th in 2011, but instead we must end it now.

Producing this conference has been a wonderful experience for us, truly a labor of love, and we have been extremely privileged to have been able to do well by doing good. We are very proud of the many people whose careers flourished through what they learned here, of the extensive community we built via the conference, and of the several businesses that were begun through friendships made here. We treasure the friends we made, and we consider them to be part of our extended family. Just as in any family, we celebrated with them through joyous life events and grieved with them through tragic ones.

This is a sad time for us, of course, but not overwhelmingly so. It's sort of the feeling you have when your son leaves for college, or your daughter gets married. You knew it was coming someday, but it is here much sooner than you imagined, and the sadness is sweetened with the joy you had in all that has come before.

We have been privileged to have created a thriving community of friends who met for the first time at the conference, and we want that community to continue. We hope that all of you will stay in touch with us and with each other, and that the Colorado Software Summit community will continue as a source of wisdom and friendship to all of you. If you have ever attended one of our conferences, we hope you will consider joining the Colorado Software Summit LinkedIn group as one means to keep in touch.

With our very best wishes for your future, and with unbounded gratitude for your support,

- Wayne and Peggy Kovsky -

All presentations from Colorado Software Summit 2008 have been posted.

May 18, 2009

Software Summit May 17, 2009: Additions to Preliminary Agenda for Colorado Software Summit 2009

We have posted additions to the preliminary agenda for Colorado Software Summit 2009, in two formats:

We will continue to post additions to this agenda during the coming weeks. Please check back here from time to time for additions and/or changes to the agenda, or subscribe to our RSS feed to receive notifications of updates automatically.

Presentations from the 2008 Conference

We have posted presentations for these speakers from Colorado Software Summit 2008:

Presentations from Colorado Software Summit 2008 will be posted periodically throughout the year.

May 03, 2009

Software Summit May 3, 2009: Additions to Preliminary Agenda for Colorado Software Summit 2009

We have posted additions to the preliminary agenda for Colorado Software Summit 2009, in two formats:

We will continue to post additions to this agenda during the coming weeks. Please check back here from time to time for additions and/or changes to the agenda, or subscribe to our RSS feed to receive notifications of updates automatically.

Presentations from the 2008 Conference

We have posted presentations for these speakers from Colorado Software Summit 2008:

Presentations from Colorado Software Summit 2008 will be posted periodically throughout the year.

April 26, 2009

Software Summit April 25, 2009: Preliminary Agenda for Colorado Software Summit 2009

We have posted the preliminary agenda for Colorado Software Summit 2009, in two formats:

We will continue to post additions to this agenda during the coming weeks. Please check back here from time to time for additions and/or changes to the agenda, or subscribe to our RSS feed to receive notifications of updates automatically.

Presentations from the 2008 Conference

We have posted presentations for these speakers from Colorado Software Summit 2008:

Presentations from Colorado Software Summit 2008 will be posted periodically throughout the year.